Slashdot Mirror


Today's Windows Virus - MyDoom / Novarg

Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message.

19 of 847 comments (clear)

  1. Re:Serves people right.. by Kenja · · Score: 5, Insightful

    Dumb people. Problem is that dumb people make up a majority of internet users. This is the same reason that spam works as an advertising method. Its also why toner refills have warnings not to drink the contents and windex warns you not to spray it in your eyes.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. This should make us look very professional. by Tassleman · · Score: 5, Insightful

    Second, it can perform a denial-of-service against www.sco.com

    Great. This will give SCO some good PR ammo. Thanks guys.

  3. DDoS by DRUNK_BEAR · · Score: 5, Insightful
    It's all fun and jokes at first, but if we look at it from the public's eyes, these types of attacks give a bad name to OSS and the Linux community.

    Obviously, SCO has many ennemies. Most of them are probably nix users and the public knows that. If we want to have the public favor OSS, reputation is also important.

    Just my 0.02$

    --
    DrkBr
  4. This is not a good thing by Tyrdium · · Score: 5, Insightful

    Think about it. Until now, the Linux community has seemed very innocent over this whole issue. It's simply a matter of a company trying to oppress people for it's own gain (at least in the courts' eye). When people start doing illegal things such as writing viruses to get back at SCO, on the other hand, the Linux community loses much of its innocence. Look beyond the surface; this is a big PR hit for the Linux community. Remember the debate when SCO was DDoSed? This is the same thing, but much worse, and on a larger scale. Writing a virus in itself is illegal, given their nature, and a DDoS is also illegal (I'm not counting Slashdottings and the like).

  5. Re:Oh no by the_mad_poster · · Score: 4, Insightful

    Why on earth would you assume that it would be some fringe Linux zealot? It could be a pissed off SCO employee, an investor, someone from IBM, any number of UNIX developers. SCO pissed off a lot of people and you don't actually HAVE to use Linux or even care about it to be smart enough to exploit a dumbass Windows user's gullibility.

    The only thing more blatantly paranoid than YOUR comment would be to say that Darl himself wrote and released it to make people like you say things like that. Except, Darl is a meathead and I doubt he can spell his own name, so I doubt he wrote it.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  6. A threat? Really? by unfortunateson · · Score: 5, Insightful

    Let me get this straight:
    1) It has a simple text message plus a binary payload attachment.
    2) It uses no M$ exploits (patched or unpatched) to install itself.
    3) It depends on someone opening the attachment to start an infection.

    And after all this time, people are still clicking on binary attachments? Great googly moogly. At least this sucker is only 20-40K. I'm sick of the 140-160K ones swamping my hotmail account. This one will barely be an annoyance.

    To quote Evil Willow Rosenberg: "Bored now."

    --
    Design for Use, not Construction!
  7. Re:Great! by tigerc · · Score: 4, Insightful

    "Second, it can perform a denial-of-service against www.sco.com."

    Even though I do not approve of SCO's actions against Linux and the open source movements, the spread of a DOS attack against SCO's website is downright wrong. You should be ashamed of the fact that you place yourself one the side of the people who think it is indeed funny to take a company's site down. Does it really matter if they are a hated group? A DOS attack is just plain wrong. In fact, it might be the lowest form of 'revenge' out there.

    If you continue to support these crackers, then SCO is no longer the big Goliath, and SCO's allegations about the dirty open source movement have some validity. The statement, "hey, it's SCO" proves that we are indeed as worse as McBride. If we want to be victorious in the open source/Linux vs. SCO, then we must hold ourselves higher than supporting DOS attacks against SCO.

  8. Quick to judge by jmichaelg · · Score: 4, Insightful
    This topic has barely 30 posts and several posts are already saying it's a Linux user who wrote it. That's a pretty amazing conclusion given the absence of any data.

    Absence of data, hmmm....You guys wouldn't happen to work for sco would you?

  9. Re:Oh no by aralin · · Score: 5, Insightful

    Now Darl seems to have some credibility with the Linux == terrorism threat. Good going, guys....

    I'm not so sure, this was obviously done by a WINDOWS hacker. Most of the Linux hackers I know have no freaking idea about MS Windows internals and they honestly don't even care for that sort of "knowledge".

    --
    If programs would be read like poetry, most programmers would be Vogons.
  10. Trolling /. with viruses? by TrentC · · Score: 4, Insightful

    To all the people who are busy vaulting onto their high horse, ready to scold the Slashdot community for our apparent complicity in this, don't bother. I get so sick of the holier-than-thou attitudes that people cop when the "Linux community" does something to "make Linux look bad".

    First off, why do you assume that the person who wrote the virus is reading Slashdot?
    Second, how do you know he or she isn't cackling with glee over the froth you guys are working up?
    Third, what exactly the hell am I supposed to do about this virus, given that I didn't write it and most likely don't know the person who did write it? Feel bad for SCO?

    If I were a script kiddie, this is exactly the effect I'd go for; try to piss off Windows users and Linux users all in one shot.

    Face it, the "Linux community" is made up of lots and lots of different people, and it only takes a handful to make life harder for the rest of us. But scolding Slashdot isn't going to do anything other than make yourself feel good.

    Jay (=

  11. Re:A threat? Really? by placeclicker · · Score: 4, Insightful

    NEVER underestimate the power of human stupidity.

    --

    Browse at -1, because trolls are often the most creative part of /.
  12. It might be usefull to SCO by hamjudo · · Score: 4, Insightful
    SCO has used past denial of service attacks as "the dog ate my homework" type of excuses in court. They were so happy to be attacked the last time, that they put out multiple press releases. SCO's next court date is in early February, maybe they haven't done all their homework this time.

    SCO just started yet another lawsuit, this time with Novell. Now the financial types could be recalculating how many quarters until SCO runs out of cash and has to cease operations. Let's not let them get distracted by stupid email tricks.

  13. Re:DOS huh? by caluml · · Score: 5, Insightful
    I see that they run with a 60 second DNS refresh - is this forward thinking by them in case they have to change the servers IP, or add more servers? That way, they don't have hours, or days of stale data hanging around.

    Also, does the virus target by IP address, or does it do a full DNS lookup? If it's just IP, it will be easy for them to change the www record, and the servers address. 60 seconds later, everyone apart from the virus will be able to access the site.

  14. Re:DDOS SCO by balthan · · Score: 4, Insightful

    Come on now, you should realize by now that people here don't actually DO anything. Sure, we talk a lot of crap about how thing should be done, but we're a bit short on the actually doing.

  15. Re:Mom by Jimithing+DMB · · Score: 4, Insightful

    Then you're obviously failing to communicate to your mother the gravity of the situation. In all the years my mother used a Windows machine her computer did not have one virus. The rules are very simple. I also have no trouble at the office. With the exception of the H.R. guy who must open attachments (primarily Word documents) in order to read people's resumes it's been a long time since we had any viruses running on any machines in the Hampton office. Furthermore, through a mistake either my boss or I had made we hadn't set his machine to update virus definitions automatically so I give the H.R. guy a lot of credit for having avoided viruses without it.

    It certainly doesn't hurt to have a Symantec Anti-Virus Corporate Edition and to be running Novell GroupWise instead of Microsoft Outlook^WOutbreak but it's not the end-all of virus protection either. Proper user education is an important part of running a network. I keep the users at the office informed about how viruses work and how they propagate. I let them know that I've done all I can and that it's up to them to use their good judgement. I remind them that message headers are just as easily forgeable as the return address on an envelope.

    It's worth the time. I'm not saying I just wrote one message and all viruses were gone. I wrote several. I talked face to face with people in the office about it. I ask them what they think about viruses and spam. I give them the information they need to make informed decisions. In the end, it makes my life a lot easier.

    The simple problem is that people don't know unless you tell them. They only hear what Tom Brokaw or Katie Couric tells them. Tell them how it really works and they will understand and try their best. A few will slip up. Don't be mad at them, just explain things again so they understand.

    The only case where this won't work is if you have a high employee turnover. If you do then let your boss know that viruses are simply another cost of high employee turnover. If you do that then he will have the information he needs to make an informed business decision. Maybe he'll decide it's worth taking some measures to keep people around. Put it in terms of dollars. Do whatever it takes but viruses can become a thing of the past if more companies started to do this.

  16. Re: not hard to beat Norton anyway.... by King_TJ · · Score: 4, Insightful

    I hate to say it, but Norton Anti-Virus doesn't exactly inspire much confidence with me to begin with.

    I've removed a *bunch* of back-door trojan horse programs (MovieWorld and so forth) from Windows PCs that were running Norton AntiVirus 2003 with all the latest signature updates being "Live Updated". The freeware AVG Anti-Virus personal edition found them, as did a relatively unknown scanner called Avast.

    Why is it people have to pay $30+ per year for a subscription renewal for a big-name, commercial scanner that can't even find things the freeware packages find and remove?

  17. Re:Finally! by Nucleon500 · · Score: 5, Insightful

    I know you were joking, but no, attacking sco.com does not make it a worthwhile virus. Yes, SCO deserves a lot of hardship. But any retaliation should be done in a completely legal manner. Why? SCO is trying to make open source look bad in the eyes of businesses. They've said we don't respect copyrights, they say we're anti-business. They screamed loudly about joking death threats and DDoS attacks. They're trying to make us look bad, and whatever we do should make them look bad, make them look like the aggressor they are. Doing obviously illegal things only makes us look bad and SCO look like a victim. So this is a major step backwards.

  18. Re:I would like to see a study done by Johnny+Mnemonic · · Score: 4, Insightful


    that aims to define exactly who it is that is opening email, saving attachments, opening the attachment, running the payload, and is not using AV software.

    Mac users fit that defintion. Why should they care about attachments, really? There will be, one day, I'm sure, a virus that infects Macs--just as there have been in the past. And that will be a day of reckoning, as millions of Mac users scramble to get virus-smart. But the last 4 years of being virus-free, without any A/V software, and blithely opening attachments has made most Mac users pretty carefree, and careless.

    --

    --
    $tar -xvf .sig.tar
  19. Re:How does this make open source look bad again? by Nucleon500 · · Score: 4, Insightful
    A step backwards for reputation of the Linux and open source communities in the eyes of people who haven't followed the SCO case closely and don't know any better. It's not material harm, but I think perception is important here.

    Darl will say Linux supporters must have done it, and the media will quote him, and clueless people will read it and associate whoever did it with us. So while we know it wasn't "one of us" and we don't support it (except in jest), people will read otherwise. We unfortunately don't get to choose who the public associates us with.